IPv6: It's now reality, not theory
- By William Jackson
- Dec 02, 2011
With this summer’s exhaustion of new IPv4 addresses, the adoption of the next generation of Internet protocols is becoming reality, not an event predicted for the distant future. This means that enterprises would be well advised to begin now addressing how they will ready their networks for IPv6.
There is still some breathing room — years, in fact — before IPv6 becomes a fait accompli. According to one estimate from the Gartner Group, by 2015 about 17 percent of the Internet will be using IPv6 and more than a quarter of newcomers to the Internet will be using it.
But although the numbers indicate that IPv6 will continue to make up a minority of Internet traffic for the next few years, they represent a large and rapid increase in that traffic. A recent scan by Infoblox, a vendor of IP address management tools, indicated that the percentage of zones under the .com, .net and .org top-level domains now supporting IPv6 increased 20-fold in 2011, to more than 25 percent of the zones sampled.
6 tips for securing IPv6
Don't panic: IPv4 address depletion is not a crisis
Supporting IPv6 on a DNS name server is not the same as having people actually using the protocols. “The percentage of IPv6 traffic, while it has been increasing, is still very small,” said Cricket Liu, general manager of the Infoblox IPv6 Center of Excellence.
But managers and administrators should use this breathing room to learn about managing the new protocols and planning for their implementation, rather than waiting to address these tasks under the crush of a shifting paradigm. Budgets are tight and a shift to new networking protocols might have a low priority, especially when maintaining and defending networks under the old protocols is taking up all of your time. But trying to manage and defend a network under a flood of the new packets will be a lot more expensive and troublesome.
Plenty of help is available. The National Institute of Standards and Technology has published "Guidelines for the Secure Deployment of IPv6" (Special Publication 800-119), and most networking vendors, such as Cisco, offer literature, products and services to help with the transition.
Infoblox has identified Seven Deadly Traps of IPv6 Deployment that organizations should avoid:
- Review how you will configure and track IP address. Managing the 128-bit IPv6 addresses is a different task from managing 32-bit IPv4 addresses.
- Review your Domain Name System architecture. The DNS architecture will need to be able to deliver both IPv4 and IPv6 records for the foreseeable future.
- Review security and maintenance policies. There is little real-world experience with IPv6 security issues, and a thorough threat assessment will be needed.
- Inventory your current network infrastructure. This should go without saying — but they are saying it anyway.
- Review your application compatibility. Organizations shouldn’t assume that their network applications will function as expected on an IPv6 network, and they should be tested before a switchover.
- Update back-end tools. New tools will be needed to troubleshoot and manage the new network.
- Monitor network performance. Almost all vendors claim to be IPv6 ready, but actual performance in a working network might not be ideal.
This is just one take on issues to be considered in the transition to IPv6 ,and there is a lot of other guidance and advice available. If you have not already done so, pick your sources and start looking for help.
William Jackson is a Maryland-based freelance writer.